Can You Spot the Red Flags of Medical Identity Theft? FTC Rule Enforcement Now Begins November 1, 2009

The Red Flags Rule, designed to prevent and detect identity theft, takes effect August 1. Health care providers should carefully review the Rule’s definitions, because you may be surprised at how many health professionals are considered “creditors” who must develop Identity Theft Prevention Programs. The Red Flags Rule, 16 CFR § 681, applies to “financial institutions” and “creditors.” However, if your patients are not paying for services at the time that they are received, then you may be considered a creditor. A common example of this is a facility that provides services, submits patients’ insurance claims, and then bills the individual patients for charges not covered by insurance. In this case, the facility is acting as a creditor for purposes of the Red Flags Rule. Long-term care facilities also are considered creditors if they use deferred payment or billing systems.

Health care professionals who are creditors must implement written Identity Theft Prevention Programs to prevent identity theft and to detect it if it’s occurring in the context of medical identity theft. Your written program may include processes such as verifying your patients’ identities, asking for photo identification each time your patients receive services, and other steps designed to reduce the incidence of medical identity theft. For most health-care professionals, the written program will be a relatively simple document that sets forth how your organization will detect and respond to any “red flags” that arise in the course of your business.

You can learn more about how these requirements may affect your business by reading the FTC’s publication, The “Red Flags” Rule: What Health Care Providers Need to Know About Complying with New Requirements for Fighting Identity Theft.

What should you do if you’re subject to the new rule and haven’t done anything to prepare? A good place to start is The FTC’s How-To Guide for Business, which includes a guided process for developing your Identity Theft Prevention Program. You’ll also find a detailed FAQ section to help you get quickly up to speed and stay in compliance with these new requirements.